Infosec officers are coming around to the idea that their job is more about managing risk than putting the entire organization on permanent lockdown. But do security pros understand risk management as well as they think they do?

Some of the most innovative new enterprise technologies come from start-ups, but doing business with them can be risky, given their unproven products and short track records. With Anthony Bettini, Co-Founder and CEO of Appthority.

McAfee announced three new additions to its security family at Interop in Las Vegas this week, including an improvement in performance and scalability, and some enhancements to its support for virtual environments.

Pacific Northwest National Laboratory CIO, Jerry Johnson, provides some lessons learned from the attacks on his organization in July -- a highly publicized attack on an organization that provides cyber security services for the Dept. of Energy.

Richard Bejtlich, CSO and VP of managed services, sits down with Dark Reading's Kelly Jackson Higgins at Black Hat USA to talk about the two hats he wears at the incident response company, and trends in attacks against enterprises and security firms.

Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?

It's one thing to hire a third-party developer to build a mobile app. It's quite another to trust a pen tester, MSSP, or DDoS protection firm. But the fact is, the threat landscape is complex, and few organizations can keep security completely in house. Here's how to decide what to outsource and select and manage providers.

Published: 2015-03-31
The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.